NSA collects data from millions of cellphones worldwide

The U.S. National Security Agency is collecting location data daily from tens of millions of cellphones around the world, the Washington Post reported Wednesday.

The report is based on documents obtained from former NSA contractor turned document leaker Edward Snowden and interviews with U.S. officials.

The five billion or so cellphone records collected by the agency every day include data on millions of Americans who use personal devices while traveling aboard.

Since Snowden began leaking information in June, there has been a string of stories detailing varied NSA data collection programs.

The disclosures have raised widespread security and privacy concerns around the world and have spawned calls for greater transparency and oversight over NSA data collection activities.

In a statement, the American Civil Liberties Union expressed dismay at the sheer scale and scope of the program described yesterday.

"It is staggering that a location-tracking program on this scale could be implemented without any public debate, particularly given the substantial number of Americans having their movements recorded by the government," the civil liberties group said.

"The dragnet surveillance of hundreds of millions of cell phones flouts our international obligation to respect the privacy of foreigners and Americans alike," the ACLU said

The collected cellphone data is fed into a massive database from where it's combed with a suite of sophisticated analytic tools collectively dubbed CO-TRAVELER, the report aid. The tools let NSA analysts to identify cellphones and quickly retrace their movements to find hidden relationships among the people using them, the Post said, citing unnamed sources.

The analytics suite includes tools that can map the date, time and location of cellphones to find significant moments of overlap. "Other tools compute speed and trajectory for large numbers of mobile devices, overlaying the electronic data on transportation maps to compute the likely travel time and determine which devices might have intersected," the Post said in its report.

Individuals who use disposable phones, or who switch on their phones only long enough to make calls, are usually marked for special attention by the NSA. CO-TRAVELER is designed, for instance, to note when a new phone connects to a cell tower soon after an existing phone is used for the last time, the Post report said.

The apparent goal of the massive data collection effort is to identify people meeting overseas with foreign intelligence targets.

The NSA gets much of the cellphone data directly from cables linking the networks of major U.S and international mobile service providers. The spy agency also works with at least two large corporate partners, identified only as ARTIFICE and WOLFPOINT, to administer and manage the equipment used to intercept and collect the data.

Though the NSA does not collect location data on Americans by design, in reality the agency ends up collecting metadata, including detailed location information, on potentially millions of Americans, the Post report said.

U.S. intelligence officials told the newspaper that the cell phone data collection program i legal and aims only to acquire information about foreign intelligence targets. No U.S. intelligence agency deliberately collects bulk information from cellphones in the United States, agency officials claimed.

An NSA spokeswoman on Wednesday declined a Computerworld request for comment on the report.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.